Abstract
Third-party applications are popular: they improve and extend the features offered by their respective platforms, whether being mobile OS, browsers or cloud-based tools. Although some privacy concerns regarding these apps have been studied in detail, the phenomenon of interdependent privacy, when a user shares others’ data with an app without their knowledge and consent. Through careful analysis of permission models and multiple platform-specific datasets, we show that interdependent privacy risks are enabled by certain permissions in all platforms studied, and actual apps request these permissions instantiating these risks. We also identify potential risk signals, and discuss solutions which could improve transparency and control for users, developers and platform owners.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
References
Arzt, S., et al.: FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. ACM SIGPLAN Not. 49(6), 259–269 (2014)
Biczók, G., Chia, P.H.: Interdependent privacy: let me share your data. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 338–353. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_29
Boyd, D.: Networked privacy. Surveill. Soc. 10(3/4), 348 (2012)
Chia, P.H., Yamamoto, Y., Asokan, N.: Is this app safe?: a large scale study on application permissions and risk signals. In: Mille, A., Gandon, F., Misselis, J., Rabinovich, M., Staab, S. (eds.) Proceedings of the 21st World Wide Web Conference 2012, WWW 2012, Lyon, France, 16–20 April 2012, pp. 311–320. ACM (2012). https://doi.org/10.1145/2187836.2187879
Fragkaki, E., Bauer, L., Jia, L., Swasey, D.: Modeling and enhancing Android’s permission system. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 1–18. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33167-1_1
Gibler, C., Crussell, J., Erickson, J., Chen, H.: AndroidLeaks: automatically detecting potential privacy leaks in Android applications on a large scale. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 291–307. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30921-2_17
Gnesi, S., Matteucci, I., Moiso, C., Mori, P., Petrocchi, M., Vescovi, M.: My data, your data, our data: managing privacy preferences in multiple subjects personal data. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 154–171. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06749-0_11
Harkous, H., Aberer, K.: “If you can’t beat them, join them”: a usability approach to interdependent privacy in cloud apps. CoRR abs/1702.08234 (2017). http://arxiv.org/abs/1702.08234
Humbert, M., Ayday, E., Hubaux, J., Telenti, A.: Addressing the concerns of the lacks family: quantification of kin genomic privacy. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, Berlin, Germany, 4–8 November 2013, pp. 1141–1152. ACM (2013). https://doi.org/10.1145/2508859.2516707
Humbert, M., Trubert, B., Huguenin, K.: A survey on interdependent privacy. ACM Comput. Surv. 52(6), 122:1–122:40 (2020). https://doi.org/10.1145/3360498
Jia, L., et al.: Run-time enforcement of information-flow properties on Android. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 775–792. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_43
Kamleitner, B., Mitchell, V.: Your data is my data: a framework for addressing interdependent privacy infringements. J. Public Policy Market. 38(4), 433–450 (2019)
Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 3393–3402 (2013)
King, J., Lampinen, A., Smolen, A.: Privacy: is there an app for that? In: Proceedings of the Seventh Symposium on Usable Privacy and Security, pp. 1–20 (2011)
Olteanu, A., Huguenin, K., Dacosta, I., Hubaux, J.: Consensual and privacy-preserving sharing of multi-subject and interdependent data. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18–21 February 2018. The Internet Society (2018). http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/07/ndss2018_06B-1_Olteanu_paper.pdf
Olteanu, A., Huguenin, K., Shokri, R., Humbert, M., Hubaux, J.: Quantifying interdependent privacy risks with location data. IEEE Trans. Mob. Comput. 16(3), 829–842 (2017). https://doi.org/10.1109/TMC.2016.2561281
Parker, G.G., Van Alstyne, M.W.: Two-sided network effects: a theory of information product design. Manag. Sci. 51(10), 1494–1504 (2005)
Pu, Y., Grossklags, J.: Towards a model on the factors influencing social app users’ valuation of interdependent privacy. Proc. Priv. Enhancing Technol. 2016(2), 61–81 (2016). https://doi.org/10.1515/popets-2016-0005
Reardon, J., Feal, Á., Wijesekera, P., On, A.E.B., Vallina-Rodriguez, N., Egelman, S.: 50 ways to leak your data: an exploration of apps’ circumvention of the android permissions system. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 603–620 (2019)
Squicciarini, A.C., Shehab, M., Paci, F.: Collective privacy management in social networks. In: Quemada, J., León, G., Maarek, Y.S., Nejdl, W. (eds.) Proceedings of the 18th International Conference on World Wide Web, WWW 2009, Madrid, Spain, 20–24 April 2009, pp. 521–530. ACM (2009). https://doi.org/10.1145/1526709.1526780
Such, J.M., Porter, J., Preibusch, S., Joinson, A.: Photo privacy conflicts in social media: a large-scale empirical study. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, pp. 3821–3832 (2017)
Symeonidis, I., Biczók, G., Shirazi, F., Pérez-Solà, C., Schroers, J., Preneel, B.: Collateral damage of Facebook third-party applications: a comprehensive study. Comput. Secur. 77, 179–208 (2018). https://doi.org/10.1016/j.cose.2018.03.015
Wang, N., Xu, H., Grossklags, J.: Third-party apps on Facebook: privacy and the illusion of control. In: Proceedings of the 5th ACM Symposium on Computer Human Interaction for Management of Information Technology, pp. 1–10 (2011)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, S., Herendi, B., Biczók, G. (2022). Interdependent Privacy Issues Are Pervasive Among Third-Party Applications. In: Garcia-Alfaro, J., Muñoz-Tapia, J.L., Navarro-Arribas, G., Soriano, M. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM CBT 2021 2021. Lecture Notes in Computer Science(), vol 13140. Springer, Cham. https://doi.org/10.1007/978-3-030-93944-1_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-93944-1_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93943-4
Online ISBN: 978-3-030-93944-1
eBook Packages: Computer ScienceComputer Science (R0)